MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9235974f9e59e5c090bbc7dfa871c402e97cd276007b56383aaee7f2578368d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9235974f9e59e5c090bbc7dfa871c402e97cd276007b56383aaee7f2578368d9
SHA3-384 hash: dc3eceb47504992660f2ef98afc05974ea89a7566bafa6061b605210b6ffde4f318098195679fc09598fdb52bc5d6d6e
SHA1 hash: e455ac5cdb9055ec2ff7babbc480c1b28a00dcaa
MD5 hash: a161e5ce2b89b92dfc3a80e6f8de5374
humanhash: nitrogen-connecticut-ceiling-two
File name:9235974f9e59e5c090bbc7dfa871c402e97cd276007b56383aaee7f2578368d9
Download: download sample
Signature Loki
Create hunting rule
File size:832'512 bytes
First seen:2020-11-10 11:06:50 UTC
Last seen:2024-07-24 19:05:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bc579eb0d58ef7c936d7bf1ccbfe7f8 (3 x Loki)
ssdeep 12288:+mVt2FOf5bNWmMvQCCW6vJeQyDIYOLWdoBUudCA0ZpVxnJs2TWo3cx:+mVgOf5boQA6vhyJxoB3dCA0TVlns
TLSH 6F059F62E2D04933F1A3153C8D9B5254BA75BD932A2B6A453FF25C0C4F3879538393AB
Reporter seifreed
Tags:Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Nanobot-7585429-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Reading critical registry keys
Changing a file
Replacing files
DNS request
Deleting a recently created file
Moving a file to the %AppData% subdirectory
Enabling the 'hidden' option for recently created files
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Stealing user critical data
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9235974f9e59e5c090bbc7dfa871c402e97cd276007b56383aaee7f2578368d9/
Threat name:
Win32.Dropper.Scrop
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 11:08:31 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  3/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201110-e6ybd2927e/
Unpacked files
SH256 hash:
9235974f9e59e5c090bbc7dfa871c402e97cd276007b56383aaee7f2578368d9
MD5 hash:
a161e5ce2b89b92dfc3a80e6f8de5374
SHA1 hash:
e455ac5cdb9055ec2ff7babbc480c1b28a00dcaa
Link:
https://www.unpac.me/results/a710066b-0343-4cc3-9a06-4ff566e66e2a/
SH256 hash:
228b7da993b21bbb24ad604b3532eefffb7c02e1eb3d83f6831aea7e139818a1
MD5 hash:
b9c3a496a6360bdcad1aab43dc62b3cf
SHA1 hash:
c04095ca8569fcea627ced1bec4ef9d9be270365
Detections:
win_lokipws_g0
Create hunting rule
win_lokipws_auto
Create hunting rule
Link:
https://www.unpac.me/results/a710066b-0343-4cc3-9a06-4ff566e66e2a/
Parent samples :
9235974f9e59e5c090bbc7dfa871c402e97cd276007b56383aaee7f2578368d9
90affaa1d41e73a109fe40164789372356302f3a08dc54a1968ade45f63f2efa
173e07cafb003acbaf3e0d977f7687c80e131bcb86856227c77b9af503939158
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments